Polynomial-based multi-user key generation and authentication method and system



The invention relates to a method of generating a common secret between a first party and a second party, in which the first party holds a value p1 and a symmetrical polynomial P(x, y) fixed in the first argument by the value p1, and the first party performs the steps of sending the value p1 to the second party, receiving a value p2 from the second party and calculating the secret S1 by evaluating the polynomial P(p1, y) in p2.

The invention further relates to a system comprising a first party, a second 
party and a trusted third party, arranged to execute such a method, to devices arranged to 
function as first or second party in this system and to a computer program product. 



An embodiment of the method according to the preamble is known from R. 
Blom, Non-public key distribution, Advances in Cryptology-Proceedings of Crypto 82, 231- 
236, 1983. 

Authentication plays an important role in digital communication networks and in content protection systems. Devices that communicate with each other need to be convinced of each other's trustworthiness. They should not give confidential information to a non-trusted party. Authentication procedures are often based on public key techniques, which require a lot of processing power. In many applications this (processing) power is not available, in which case these public key techniques cannot be applied straightforwardly.

A solution that is sometimes proposed is based on the use of symmetric ciphers, which consume much less power. However, these suffer from the drawback that they require a global system secret in each device, which is not desirable for products that come in large numbers.

Digital communication networks are becoming more and more common also 
in CE applications and drive the need for cheap and low power authentication protocols. 
Although this power constraint is in general true for portable CE devices and smart-cards 
etc., it is especially tight in "Chip In Disc" (CID) type-products, such as described in 
international patent application PCT/ EP01/09628 (attorney docket PHNL010233) by the 
same applicant as the present application. 
The basic approach behind CID is to put a chip on a carrier like a CD or DVD, which is then used for content protection purposes. The chip will allow the player to play the content (give it access to the descramble keys it carries) as soon as it is convinced that the player can be trusted. On the other hand, the player will not play any content on a non-trusted disc. Therefore both the player and the CID need some means for authentication.

It is important to note that the chip has only very limited power (approximately 0.5 mW) at its disposal and can therefore not carry out very complicated calculations. This means that public key techniques (such as RSA or ElGamal) cannot be used immediately. The CID authentication problem is a typical example of an authentication problem in the CE world.

The article by Blom referenced above discloses a common key or conference key generation method using a secret sharing protocol based on a symmetric polynomial in two variables. This protocol is illustrated in Fig. 1. Basically, one party, called the prover (abbreviated as P), tries to convince another party in the system, called the verifier (abbreviated as V), that he knows a secret that is also known to the verifier. If the verifier is convinced, the prover is authenticated.

In the system, a Trusted Third Party (TTP) chooses a symmetric (n+1) x (n+1) matrix T, whose entries t_ij represent respective coefficients of an n-th degree polynomial P in two variables, which is defined as follows:

$P(x, y) = \sum_{i,j=0}^{n} t_{ij}\, x^i y^j$

It is clear that P(x, y) = P(y, x) for all x and y in the domain of the polynomial. The polynomial P can be projected on the space of n-th degree polynomials in one variable by fixing the argument x to a certain value, say p: P_p(y) = P(p, y). From the definition of the polynomial P, the symmetry of the matrix T and the resulting symmetry of P(x, y) it then follows that P_p(q) = P_q(p) for all p and q.

According to Blom, every device that needs to be able to generate a common secret with another device receives a pair (P_p(y), p), i.e. the polynomial P fixed in p and the value p which was used to generate P_p(y) from P(x, y). The shared secret between the devices (P_p, p) and (P_q, q) is given by P_p(q) = P_q(p), which is generated by exchanging p and q and evaluating the polynomials to yield a secret S1 for P and S2 for V.

In this approach the global secret consists of the matrix T, which has ½(n+1)(n+2) independent entries. A share of this secret is given to every party in the form of a respective value p and the polynomial P_p(y) with n+1 coefficients of the form

$g_j = \sum_{i=0}^{n} t_{ij}\, p^i, \quad j = 0, \ldots, n$

This gives every party n+1 linear equations in the ½(n+1)(n+2) unknowns t_ij, which makes it clear that one party cannot retrieve the global secret T. Only if ½(n+2) parties, all with a different value p, cooperate will it be possible to retrieve the matrix T.

This presents a major drawback of the known protocol: if a sufficient number of parties cooperate, the global secret T can be retrieved, unless the number of different values of p_i is less than ½(n+2). But this means that the number of different shares is limited to approximately half the degree of the polynomial to prevent revealing the global system secret T. Furthermore, when two parties communicate they always generate the same common secret.



It is an object of the invention to provide a method according to the preamble, which allows a greater number of different shares of the global secret to be distributed to parties without having to increase the order of the polynomial P.

This object is achieved according to the invention in a method which is characterized in that the first party additionally holds a value q1 and a symmetrical polynomial Q(x, y) fixed in the first argument by the value q1, and further performs the steps of sending q1 to the second party, receiving q2 from the second party and calculating the secret S1 as S1 = Q(q1, q2)·P(p1, p2).

While the number of values for p_i is still limited to ½(n+2), a larger number of different shares can now be distributed to the parties. The number of values for q_i in the total system is not limited by the degree of the polynomial P, as is the case in the Blom system, but only by the number of possible elements q_i in the domain of Q. This makes it possible for a sufficient number of values q_i to supply every party with a unique share of the global secret.

In an embodiment the first party further performs the steps of obtaining a random number r1, calculating r1·q1, sending r1·q1 to the second party, receiving r2·q2 from the second party and calculating the secret S1 as S1 = Q(q1, r1·r2·q2)·P(p1, p2). The random numbers r1 and r2 hide the values of q1 and q2, which makes it very difficult for an eavesdropper or a non-compliant device to learn something about q1 and q2. Secondly, the values of r1 and r2 end up multiplicatively in the results of the evaluation of the polynomials P and Q, and thus the calculated secrets S1 and S2 have a random character, too. This means that, if S1 and S2 are used as a key in a symmetric cipher later on, it will be difficult for an eavesdropper to break the encryption. Additionally, a different common secret can now be generated at every new session between two devices.

In a further embodiment the first party holds the value q1 multiplied by an arbitrarily chosen value r, and the product Q(q1, z)·P(p1, y) instead of the individual polynomials P(p1, y) and Q(q1, z), and the first party performs the steps of calculating r1·r·q1, sending r1·r·q1 to the second party, receiving r2·r·q2 from the second party and calculating the secret S1 as S1 = Q(q1, r1·r2·r·q2)·P(p1, p2). Holding only the blinded value r·q1 and the product polynomial, rather than the individual polynomials, makes it harder for an adversary who gains access to a device and tries to learn the global secret T and/or the values q1 or q2.

Preferably, the first party subsequently verifies that the second party knows the secret S1. The first party could apply a zero-knowledge protocol to verify that the second party knows the secret S1. Preferably this protocol is the Guillou-Quisquater protocol with public values e and m. This has the advantage that in the present invention the Guillou-Quisquater protocol can be very secure for low values of e because it does not allow an adversary to anticipate a challenge. Furthermore it is efficient in terms of communication and memory usage.

Alternatively, the first party can apply a commitment-based protocol to verify that the second party knows the secret S1. Using a commitment protocol based on a symmetric cipher such as DES, Lombok or AES is very efficient in terms of power consumption in a device executing the method. Preferably, the first party subsequently uses the same symmetric cipher as a commit function to commit himself to a decryption of the encrypted random challenge. This has the additional advantage that the complexity of the implementation is now reduced, as the hardware and/or software for encrypting the challenge can be reused for executing the commit function.

Other advantageous embodiments are set out in the dependent claims. 

These and other aspects of the invention will be apparent from and elucidated with reference to the embodiments shown in the drawings, in which:
Fig. 1 illustrates a secret sharing protocol based on a symmetric polynomial in two variables according to Blom;

Fig. 2 schematically shows a system comprising devices interconnected via a 
network, the devices being arranged to operate in accordance with the invention; 

Fig. 3 schematically shows a generalization of the system of Fig. 2, 
comprising a prover, a verifier and a trusted third party; 

Fig. 4 illustrates a secret sharing protocol between the prover and the verifier, 
based on two symmetrical polynomials each in two variables; 

Fig. 5 illustrates a variation on the protocol of Fig. 4 in which the two 
polynomials are symmetrical only in a limited number of points; 

Fig. 6 illustrates the Guillou-Quisquater protocol; and 

Fig. 7 illustrates a commitment-based protocol. 



Throughout the figures, same reference numerals indicate similar or 
corresponding features. Some of the features indicated in the drawings are typically 
implemented in software, and as such represent software entities, such as software modules 
or objects. 

Fig. 2 schematically shows a system 100 comprising devices 101-105 interconnected via a network 110. In this embodiment, the system 100 is an in-home network. A typical digital home network includes a number of devices, e.g. a radio receiver, a tuner/decoder, a CD player, a pair of speakers, a television, a VCR, a tape deck, and so on. These devices are usually interconnected to allow one device, e.g. the television, to control another, e.g. the VCR. One device, such as e.g. the tuner/decoder or a set top box (STB), is usually the central device, providing central control over the others.

Content, which typically comprises things like music, songs, movies, TV programs, pictures and the like, is received through a residential gateway or set top box 101. The source could be a connection to a broadband cable network, an Internet connection, a satellite downlink and so on. The content can then be transferred over the network 110 to a sink for rendering. A sink can be, for instance, the television display 102, the portable display device 103, the mobile phone 104 and/or the audio playback device 105.

The exact way in which a content item is rendered depends on the type of 
device and the type of content. For instance, in a radio receiver, rendering comprises 
generating audio signals and feeding them to loudspeakers. For a television receiver, 
rendering generally comprises generating audio and video signals and feeding those to a display screen and loudspeakers. For other types of content a similar appropriate action must be taken. Rendering may also include operations such as decrypting or descrambling a received signal, synchronizing audio and video signals and so on.

The set top box 101, or any other device in the system 100, may comprise a storage medium S1 such as a suitably large hard disk, allowing the recording and later playback of received content. The storage S1 could be a Personal Digital Recorder (PDR) of some kind, for example a DVD+RW recorder, to which the set top box 101 is connected. Content can also be provided to the system 100 stored on a carrier 120 such as a Compact Disc (CD) or Digital Versatile Disc (DVD).

The portable display device 103 and the mobile phone 104 are connected wirelessly to the network 110 using a base station 111, for example using Bluetooth or IEEE 802.11b. The other devices are connected using a conventional wired connection. To allow the devices 101-105 to interact, several interoperability standards are available, which allow different devices to exchange messages and information and to control each other. One well-known standard is the Home Audio/Video Interoperability (HAVi) standard, version 1.0 of which was published in January 2000, and which is available on the Internet at the address http://www.havi.org/. Other well-known standards are the domestic digital bus (D2B) standard, a communications protocol described in IEC 1030, and Universal Plug and Play (http://www.upnp.org).

It is often important to ensure that the devices 101-105 in the home network 
do not make unauthorized copies of the content. To do this, a security framework, typically 
referred to as a Digital Rights Management (DRM) system is necessary. 

In one such framework, the home network is divided conceptually in a conditional access (CA) domain and a copy protection (CP) domain. Typically, the sink is located in the CP domain. This ensures that when content is provided to the sink, no unauthorized copies of the content can be made because of the copy protection scheme in place in the CP domain. Devices in the CP domain may comprise a storage medium to make temporary copies, but such copies may not be exported from the CP domain. This framework is described in European patent application 01204668.6 (attorney docket PHNL010880) by the same applicant as the present application.

Regardless of the specific approach chosen, all devices in the in-home network that implement the security framework do so in accordance with its requirements. Using this framework, these devices can authenticate each other and distribute content securely. Access to the content is managed by the security system. This prevents the unprotected content from leaking to unauthorized devices and data originating from untrusted devices from entering the system.

It is important that devices only distribute content to other devices which they 
have successfully authenticated beforehand. This ensures that an adversary cannot make 
unauthorized copies using a malicious device. A device will only be able to successfully 
authenticate itself if it was built by an authorized manufacturer, for example because only 
authorized manufacturers know a particular secret necessary for successful authentication or 
their devices are provided with a certificate issued by a Trusted Third Party. 



SECRET SHARING 

In any authentication scheme some global secret or common information must be present and any party that wants to authenticate itself to another party must have at least some information in common with the other party. Although it is theoretically possible to give the global secret to every device, in practice this is not recommended: if the global secret becomes known (by, for example, hacking one device), adversaries can take over the role of the Trusted Third Party (TTP) which distributed the global secret to trusted parties in the first place. This way, non-compliant devices enter the system and the security of the initial system is compromised, making authentication futile. It will be impossible to detect the non-compliant devices because the total global secret is known.

A possible way to solve this is secret sharing: every trusted party gets a share of the global secret. This share is sufficient to be able to authenticate itself to another party, but a large number of shares is required to reconstruct the global secret (if possible at all). When one device is compromised, only a share of the global secret becomes known and measures can be taken to revoke this device.

The present invention uses a secret sharing protocol to allow the parties to determine a common secret. Usually the parties will then verify that the other knows the secret, see section "SECRET VERIFICATION" below. However, the parties might also go ahead without an explicit check. For instance, the secret could be used as an encryption key to encrypt some information sent to the other party. If the other party does not have the same secret, he cannot decrypt the information. This implicitly authorizes the other party.

Fig. 3 schematically shows a generalization of the system of Fig. 2, comprising a prover P, a verifier V and a trusted third party TTP. In accordance with the present invention, the verifier V wants to authenticate the prover P using information received from the trusted third party TTP. Preferably the authentication is mutual, so that the prover P also knows the verifier V is authentic.

The information necessary to authenticate the verifier V to the prover P is assumed to have been distributed from the TTP to the parties P and V beforehand. This can be done over a communication channel between the parties P and V and the TTP. This makes the protocol dynamic and allows easy updating of the information in case an adversary manages to obtain unauthorized access to a previously distributed secret.

The prover P and verifier V can be devices such as the carrier 120, equipped with a chip that provides the necessary functionality, and the audio playback device 105. In such a case, there will most likely not be a communications channel from the TTP to prover and verifier. Distribution of the secrets must then be done beforehand, for example in the factory where the carrier 120 or the device 105 is manufactured.

The prover P comprises a networking module 301, a cryptographic processor 302 and a storage medium 303. Using the networking module 301, the prover P can send and receive data to the verifier V. The networking module 301 could be connected to the network 110, or establish a direct connection (e.g. a wireless channel) with the verifier V.

The cryptographic processor 302 is arranged to execute the method according to the invention. Usually, this processor 302 is realized as a combination of hardware and software, but it could also be realized entirely in hardware or software, e.g. as a collection of software modules or objects.

The prover P can e.g. store the coefficients of the polynomials P and Q in the storage medium 303, but might also use it to hold some content that it wants to distribute to the verifier V after a successful authentication. The storage medium 303 may further be used to store the information received from the TTP. To enhance the security of the system, rather than storing the individual polynomials P and Q, the product Q_q(z)·P_p(y) should be stored instead.

Similarly, the verifier V comprises a networking module 311, a cryptographic processor 312 and a storage 313 with functionality corresponding to that of the prover P. If the verifier V is embodied as a carrier 120 with Chip-In-Disc, then the storage 313 may correspond to the storage available to any (optical) disc but preferably is stored in ROM on the Chip-In-Disc.

Additionally, the prover P and the verifier V may be provided with a pseudo-random number generator 304, 314 (in hard- and/or software) that provides cryptographically strong pseudo-random numbers. These numbers are used in preferred embodiments of the method according to the invention. Several embodiments to authenticate the prover P to the verifier V will now be discussed with reference to Figs. 4 and 5 below.

GENERATING A COMMON SECRET USING TWO SYMMETRICAL POLYNOMIALS

Fig. 4 illustrates a secret sharing protocol based on two symmetrical polynomials each in two variables according to a preferred embodiment of the invention. Parts of the set-up and steps performed by the parties have already been explained above with reference to Fig. 1, and will not be repeated here.

The symmetric polynomial P is multiplied by a symmetrical polynomial Q(x, z), e.g. Q(x, z) = xz. In addition to fixing the polynomial P in p1, the polynomial Q is now fixed in q1 as well. The prover now receives from the TTP, instead of the polynomial P fixed in p1, the product of the reduced polynomials:

$Q(q_1, z)\,P(p_1, y) = Q_{q_1}(z)\,P_{p_1}(y)$

as well as the values p1 and q1. Similarly, the verifier receives, instead of the polynomial P fixed in p2, the product of the reduced polynomials

$Q(q_2, z)\,P(p_2, y) = Q_{q_2}(z)\,P_{p_2}(y)$

as well as the values p2 and q2. Preferably the prover and the verifier store the polynomials in the form of their coefficients:

$g_{1j} = q_1 \sum_{i=0}^{n} t_{ij}\, p_1^i \quad \text{and} \quad g_{2j} = q_2 \sum_{i=0}^{n} t_{ij}\, p_2^i$

Preferably the values q1 and q2 are first multiplied by a random factor r by the TTP. This way, the values q1 and q2 are hidden from an adversary who may gain unauthorized access to the device embodying the prover and/or the verifier, preventing him from passing himself off as an authorized device.

From the above it follows that

$Q_{q_1}(r q_2)\,P_{p_1}(p_2) = q_1 r q_2\,P(p_1, p_2) = q_2 r q_1\,P(p_2, p_1) = Q_{q_2}(r q_1)\,P_{p_2}(p_1)$

which demonstrates that the prover and the verifier are able to generate a common secret as the product of the polynomials P and Q using the elements p_i and q_i which they have and the elements p_j and q_j which they receive from the other party, even when the blinding factor r is used to hide the actual values of q_i.

If we now limit the number of values for p_i to less than ½(n+2), the coefficients of the polynomials P and Q cannot be retrieved. The number of values for q_i in the total system is not limited by the degree of the polynomial P, as is the case in the Blom system, but only by the number of possible elements q_i in the domain of Q. This makes it possible for a sufficient number of values q_i to supply every party with a unique share of the global secret.

Having received the product of the polynomials P and Q and the values p_i and q_i (or r·q_i), the parties P and V now attempt to generate a common secret, as illustrated in Fig. 4. Both parties exchange their values of p_i and q_i (or r·q_i), and compute their respective secrets S1 and S2. Preferably the parties P and V first generate respective random numbers r1 and r2. Then they compute r1·q1 and r2·q2 respectively and exchange these products instead of the values q1 and q2 themselves. This has several advantages, amongst which is the fact that the random numbers r1 and r2 hide the values of q1 and q2, which makes it very difficult for an eavesdropper or a non-compliant device to learn something about q1 and q2. Additionally, it makes it possible for either of the parties (say, the prover P) to calculate its secret S1 as

$S_1 = Q(q_1, r_1 r_2 q_2)\,P(p_1, p_2)$
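The Fig. 4 exchange described above, with the TTP blinding factor r and the per-session nonces r1 and r2, as an added Python example (not code from the patent); it also shows the point made in the Blom discussion, that the system can use fewer than ½(n+2) distinct p values while every device still receives a distinct share via its q. The prime field modulus, the degree n, Q(x, z) = xz and all device values are constructed choices.

```python
"""Fig. 4 protocol: common secret from two symmetric polynomials P and Q = xz,
with the TTP blinding factor r and per-session nonces r1, r2.

Constructed example: PRIME, the degree n and every value below are toy
choices for illustration, not values from the patent."""
import random

PRIME = 2**31 - 1  # constructed field modulus; all arithmetic is mod PRIME


def ttp_setup(n, rng):
    """TTP: random symmetric (n+1)x(n+1) matrix T and the global blinding factor r."""
    T = [[0] * (n + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        for j in range(i, n + 1):
            T[i][j] = T[j][i] = rng.randrange(PRIME)
    return T, rng.randrange(1, PRIME)


def issue_share(T, r, p, q):
    """TTP issues one device: its p, the blinded r*q, and the coefficients of the
    product polynomial Q_q(z)*P_p(y) with Q(x, z) = xz, i.e. g_j = q * sum_i t_ij p^i."""
    n = len(T) - 1
    g = [q * sum(T[i][j] * pow(p, i, PRIME) for i in range(n + 1)) % PRIME
         for j in range(n + 1)]
    return {"p": p, "rq": r * q % PRIME, "g": g}  # q itself is never stored


def outgoing(share, nonce):
    """Message sent to the peer: own p and own r*q multiplied by the session nonce."""
    return share["p"], nonce * share["rq"] % PRIME


def compute_secret(share, nonce, peer_p, peer_blinded_q):
    """S = Q_q(nonce * peer_blinded_q) * P_p(peer_p)
         = q * r1 * r2 * r * q_peer * P(p, peer_p), the same on both sides."""
    p_at_peer = sum(gj * pow(peer_p, j, PRIME) for j, gj in enumerate(share["g"])) % PRIME
    return nonce * peer_blinded_q % PRIME * p_at_peer % PRIME


def run_session(share_a, share_b, rng):
    """One protocol run between two devices; returns (S1, S2)."""
    r1, r2 = rng.randrange(1, PRIME), rng.randrange(1, PRIME)
    msg_a, msg_b = outgoing(share_a, r1), outgoing(share_b, r2)
    return compute_secret(share_a, r1, *msg_b), compute_secret(share_b, r2, *msg_a)


def demo(seed=1, n=6):
    """The whole system uses only 3 < (n+2)/2 distinct p values (the Blom limit),
    but every device gets its own q, so the issued shares are still distinct."""
    rng = random.Random(seed)
    T, r = ttp_setup(n, rng)
    p_values = [rng.randrange(1, PRIME) for _ in range(3)]
    devices = [issue_share(T, r, p_values[k % 3], rng.randrange(1, PRIME)) for k in range(6)]
    s_ab = run_session(devices[0], devices[1], rng)
    s_ab_again = run_session(devices[0], devices[1], rng)
    s_ad = run_session(devices[0], devices[3], rng)  # device 3 has the same p as device 0
    return {
        "all_sessions_agree": all(s1 == s2 for s1, s2 in (s_ab, s_ab_again, s_ad)),
        "fresh_secret_per_session": s_ab[0] != s_ab_again[0],
        "shares_distinct_despite_same_p": devices[0]["g"] != devices[3]["g"],
    }


if __name__ == "__main__":
    print(demo())
```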

GENERATING A COMMON SECRET USING LIMITED SYMMETRICAL POLYNOMIALS

Fig. 5 illustrates a variation on the protocol of Fig. 4 in which the polynomial P is symmetrical only in a limited number of points. The polynomial P is based on a symmetric matrix T and it can be shown that the polynomial P(x, y) is symmetrical for all values of x and y in the domain of P. However, if more than ½(n+2) different values p_i are used, an adversary can theoretically reconstruct the matrix T. Therefore the polynomial P needs only be symmetric in m values p_1, ..., p_m with m < ½(n+2). In order to explain how to build polynomials which are symmetric only in a limited number of points, we first present some definitions.

The inner product of two n-dimensional vectors x = (x_1, ..., x_n) and y = (y_1, ..., y_n) is given by

$\langle x, y \rangle = \sum_{i=1}^{n} x_i y_i .$

The tensor product x ⊗ y of x and y is given by

$x \otimes y = (x_1 y, \ldots, x_n y).$

The Vandermonde vector p^V of length n+1 associated with p is given by

$p^V = (1, p, p^2, \ldots, p^n).$

Unless stated otherwise, all Vandermonde vectors will have length n+1. For m < ½(n+2) distinct values, we form the Vandermonde vectors p_1^V, ..., p_m^V. These m vectors are linearly independent. Thus, these vectors are the base vectors of a subspace A_1.

Next, we consider all possible tensor products p_i^V ⊗ p_j^V for i, j = 1, ..., m. It is known from tensor calculus that these m² tensor products form the basis of the tensor space A = A_1 ⊗ A_1. For all vectors γ ∈ A^⊥ it then holds that

$\langle \gamma, p_i^V \otimes p_j^V \rangle = 0 \quad \text{for all } i, j = 1, \ldots, m.$

Using the above definitions, the polynomial P(x, y) is rewritten as an inner product:

$P(x, y) = \langle t, x^V \otimes y^V \rangle$

where t denotes the vector (t_00, ..., t_0n, t_10, ..., t_nn). That is, it contains the entries of the matrix T. In its rewritten form, P is still symmetric.

We then choose m distinct elements p_1, ..., p_m. With these elements, we build Vandermonde vectors and tensor products p_i^V ⊗ p_j^V from the Vandermonde vectors. We then choose a vector γ from the perpendicular space A^⊥ of the space A, as explained above. The rewritten form of the polynomial P can then be evaluated in points chosen from the preferred set {p_1, ..., p_m}. The vector γ can be added to the vector t and because γ ∈ A^⊥ we have

$P(p_i, p_j) = \langle t + \gamma, p_i^V \otimes p_j^V \rangle = \langle t, p_i^V \otimes p_j^V \rangle + \langle \gamma, p_i^V \otimes p_j^V \rangle = \langle t, p_i^V \otimes p_j^V \rangle$

In other words, if we derive from the vector γ = (γ_l) a matrix Γ, with the components of γ arranged in the same order as the entries of T appear in the vector t, and add this matrix Γ to the matrix T, we still have P(p_i, p_j) = P(p_j, p_i) for all p_i and p_j in the preferred set.

The above observations are used by the TTP to set up the system by performing the following operations:
1. The TTP chooses a random symmetric (n+1) x (n+1) matrix T and preferably an arbitrary value r.
2. The TTP chooses m distinct random elements p_1, ..., p_m with m < ½(n+2).
3. From the tensor products p_i^V ⊗ p_j^V the TTP calculates the space A.
4. From the m elements p_1, ..., p_m the TTP preferably chooses the first m' < m elements. This way, the system becomes renewable (explained below in section "RENEWABILITY").

PHNL020192EPP, 12.03.2002



The TTP can then issue devices, that is, provide devices with a share of the global secret to allow these devices to (mutually) authenticate themselves with other devices with a share of the global secret. Such devices are often referred to as certified devices or authorized devices. Next to mutually authenticating other certified devices, a certified device can also detect an unauthorized device, usually because authentication with that device fails. In order to issue a device, the TTP performs the following operations:
1. For a device i, the TTP randomly chooses γ_i ∈ A^⊥ and p_i randomly from the set with m elements p_1, ..., p_m, preferably from the chosen subset with m' elements.
2. The TTP generates a matrix Γ_i from γ_i and forms the matrix T_Γ = T + Γ_i.
3. From T_Γ, the TTP builds the bivariate polynomial P(x, y) and calculates the coefficients of the univariate polynomial P(p_i, y), which can be expressed as T_Γ p_i^V.
4. The TTP distributes the values p_i, r·q_i and the vector q_i T_Γ p_i^V to the device i.

Having received their respective information, as indicated in Fig. 5, the parties P and V now exchange their values p_i and r_i·r·q_i and generate their respective secrets S1 and S2 as follows:



If S1 = S2, then the parties have generated a common secret. The parties can implicitly conclude that the other party also knows the secret, or explicitly verify that the other party knows the same secret. This is discussed below at "SECRET VERIFICATION".

RENEWABILITY

An important aspect of any authentication or common key generation scheme for a system like the system 100 is renewability. The TTP may wish to periodically replace the secrets installed in the devices 101-105 to foil adversaries who have managed to gain unauthorized access to the original secrets.
The embodiments illustrated in Fig. 5 can be used to introduce renewability into the system 100, by exploiting the properties explained in the previous sections. Initially the TTP issues devices using only the elements p_1, ..., p_m' with m' < m < (n+2)/2, so that the tensor products p_i^V ⊗ p_j^V with i, j ∈ {1, ..., m'} span a space A'. However, the matrices T_Γ = T + Γ use Γ's derived from γ ∈ A^⊥. If we denote the polynomial stored in a device i by T_{Γ_i} p_i^V, then that device contains the pair (T_{Γ_i} p_i^V, p_i).

Now we assume that somehow an adversary was able to retrieve the m' elements p_i and also some device polynomial T_{Γ_i} p_i^V, for example by breaking open a device. The adversary can now generate a new vector γ' ∈ A'^⊥ and issue devices containing ((T_{Γ_i} + Γ') p_i^V, p_i). These devices will work with all compliant devices containing one of the values p_1, ..., p_m': the adversary's device receives p_j ∈ {p_1, ..., p_m'} from a compliant device and evaluates

and the second party evaluates

$P(p_j, p_i) = \langle t + \gamma_j, p_j^V \otimes p_i^V \rangle = \langle t, p_j^V \otimes p_i^V \rangle = \langle t, p_i^V \otimes p_j^V \rangle$

which shows that both evaluations are equal.

If the TTP notices that such devices are issued by an adversary, the TTP can start to issue devices using p_1, ..., p_m'' with m' < m'' such that the tensor products of p_1^V, ..., p_m''^V span a space A''. Note that A''^⊥ ⊂ A'^⊥. Therefore these new devices will only work with the adversary's device if the adversary had chosen γ' ∈ A''^⊥. If γ' is chosen randomly in A'^⊥, the probability that it is also in A''^⊥ is very small.

This provides the system with a certain amount of renewability: the new compliant devices issued by the TTP do not work with the adversary's devices with a very high probability. The maximum number of times the system can be renewed is m - 1 < n/2, with n the degree of the polynomial P. This occurs when with each renewal one value of p_i ∈ {p_1, ..., p_m} is added.
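The construction of the two previous sections, as an added Python example (not the patent's code): a γ from the perpendicular space A^⊥ is computed as a nullspace over a prime field, the resulting P_Γ stays symmetric on the preferred set but not outside it, and a share perturbed only with respect to the initially used points p_1, p_2 (the space A'^⊥ of the renewability discussion) stops agreeing once the TTP issues a device on the new point p_3. The field modulus, degree, preferred points and the outside point 7 are constructed values.

```python
"""Fig. 5 construction: P_Gamma = P + Gamma symmetric only on the preferred set
{p_1..p_m}, plus the renewability it gives. Constructed example: modulus Q,
degree N, the preferred points and the outside point 7 are toy choices."""
import random

Q = 1_000_003      # constructed prime field modulus
N = 6              # degree of P; m must stay below (N+2)/2 = 4
PTS = [2, 3, 5]    # preferred set p_1, ..., p_m with m = 3


def vander(p):
    """Vandermonde vector p^V = (1, p, p^2, ..., p^N)."""
    return [pow(p, k, Q) for k in range(N + 1)]

def tensor(x, y):
    """Tensor product x (x) y, flattened in the same order as t = (t_00, ..., t_nn)."""
    return [a * b % Q for a in x for b in y]

def inner(x, y):
    return sum(a * b for a, b in zip(x, y)) % Q

def rref(rows):
    """Reduced row echelon form over GF(Q); returns (pivot rows, pivot columns)."""
    rows, pivots, rank = [r[:] for r in rows], [], 0
    for col in range(len(rows[0])):
        piv = next((i for i in range(rank, len(rows)) if rows[i][col]), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][col], -1, Q)
        rows[rank] = [v * inv % Q for v in rows[rank]]
        for i in range(len(rows)):
            if i != rank and rows[i][col]:
                f = rows[i][col]
                rows[i] = [(a - f * b) % Q for a, b in zip(rows[i], rows[rank])]
        pivots.append(col)
        rank += 1
    return rows[:rank], pivots

def perp_basis(vectors):
    """Basis of the perpendicular space of span(vectors), i.e. its nullspace over GF(Q)."""
    red, pivots = rref(vectors)
    basis = []
    for free in (c for c in range(len(vectors[0])) if c not in pivots):
        v = [0] * len(vectors[0])
        v[free] = 1
        for row, pc in zip(red, pivots):
            v[pc] = -row[free] % Q      # solve <row, v> = 0 for the pivot entry
        basis.append(v)
    return basis

def random_perp(points, rng):
    """Random gamma in A^perp, where A is spanned by p_i^V (x) p_j^V over `points`."""
    gamma = [0] * (N + 1) ** 2
    for b in perp_basis([tensor(vander(pi), vander(pj)) for pi in points for pj in points]):
        c = rng.randrange(Q)
        gamma = [(g + c * v) % Q for g, v in zip(gamma, b)]
    return gamma

def issue(t, gamma, p):
    """Device share: p and the coefficients c_j = sum_i (t_ij + gamma_ij) p^i of
    the univariate polynomial P_Gamma(p, y) = <t + gamma, p^V (x) y^V>."""
    tg = [(a + b) % Q for a, b in zip(t, gamma)]
    pv = vander(p)
    coeffs = [sum(tg[i * (N + 1) + j] * pv[i] for i in range(N + 1)) % Q
              for j in range(N + 1)]
    return {"p": p, "coeffs": coeffs}

def secret(share, peer_p):
    """Evaluate the stored univariate polynomial in the peer's point."""
    return inner(share["coeffs"], vander(peer_p))

def agree(dev_a, dev_b):
    return secret(dev_a, dev_b["p"]) == secret(dev_b, dev_a["p"])

def demo(seed=3):
    rng = random.Random(seed)
    T = [[0] * (N + 1) for _ in range(N + 1)]   # TTP: random symmetric T ...
    for i in range(N + 1):
        for j in range(i, N + 1):
            T[i][j] = T[j][i] = rng.randrange(Q)
    t = [T[i][j] for i in range(N + 1) for j in range(N + 1)]  # ... as the vector t
    dev_a = issue(t, random_perp(PTS, rng), PTS[0])   # each device: own gamma in A^perp
    dev_b = issue(t, random_perp(PTS, rng), PTS[1])
    dev_x = issue(t, random_perp(PTS, rng), 7)        # 7 lies outside the preferred set
    # Renewal: initially only p_1, p_2 were used (space A'). A share whose gamma is
    # only in A'^perp agrees with those devices but not with a later device on p_3.
    dev_old = issue(t, random_perp(PTS[:2], rng), PTS[0])
    dev_new = issue(t, random_perp(PTS, rng), PTS[2])
    return {
        "preferred_points_agree": agree(dev_a, dev_b),
        "outside_point_agrees": agree(dev_a, dev_x),
        "old_set_share_with_b": agree(dev_old, dev_b),
        "old_set_share_with_new": agree(dev_old, dev_new),
        "a_with_new": agree(dev_a, dev_new),
    }
```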
SECRET VERIFICATION

After the parties have each independently generated the secret, the next step of the protocol is verifying that the other party knows the secret. If one of the parties can prove to the other party that he knows the secret, then this party is authenticated to the other party. Additionally, the other party may similarly authenticate himself to the first party to achieve mutual authentication.

Having verified that the prover knows the secret, the verifier can then use the secret S2 to securely communicate some piece of information to the prover. For instance, an encryption key necessary to access encrypted content can be encrypted with S2. The result can be transmitted to the prover, which in turn can recover the encryption key using S1 (which is equal to S2) and then decrypt the encrypted content.

There are several ways to verify that a party knows the secret generated as above. Two preferred embodiments are based on zero-knowledge protocols and commitment-based protocols.

ZERO-KNOWLEDGE BASED VERIFICATION

First, verification based on zero-knowledge (ZK) protocols will be discussed. ZK-protocols are discussed in the Handbook of Applied Cryptography by A. Menezes, P. van Oorschot and S. Vanstone, CRC Press 1996, pp. 405-416. In a preferred embodiment, the Guillou-Quisquater (GQ) zero-knowledge protocol is used, because it is efficient in terms of memory requirements and communication. The GQ protocol is known from US 5,140,634 (attorney docket PHQ 87030) by the same assignee as the present application.

As explained above with reference to Figs. 4 and 5, both parties P and V have evaluated their polynomials and thus obtained values S_1 and S_2, respectively. Either party must now prove to the other party in ZK that he knows S_1. Since the GQ protocol is based on public key cryptography, we need a composite number m = pq which is the product of two primes p and q, and a number e > 1 such that gcd(e, (p-1)(q-1)) = 1.

P will prove to V that he knows the e-th root of S_1^e mod m. The GQ protocol is illustrated in Fig. 6, where the values e and m are public. The protocol proceeds in accordance with the following steps:
1. V calculates v = S_2^e mod m,
2. P chooses a random number r and sends x = r^e mod m to V,
3. V chooses a random challenge c ∈ {1, ..., e-1} and sends c to P,
4. P replies with y = r S_1^c mod m,
5. V computes y^e mod m and concludes that P knows the same secret as V if and only if y^e = x v^c mod m. Indeed, y^e = (r S_1^c)^e = r^e (S_1^e)^c mod m, whereas x v^c = r^e (S_2^e)^c mod m, so the check passes when S_1 = S_2; conversely, equality implies (S_1^e)^c = (S_2^e)^c mod m, which for a P without knowledge of an e-th root of v holds only with small probability (see below), so that acceptance implies S_1 = S_2.

Because of the ZK property of the protocol, V learns nothing about the secret S_1 of P beyond what v = S_1^e mod m already reveals. Note that an eavesdropper can compute v^c = y^e x^{-1} mod m from the transcript, so the secrecy of S_1 against an eavesdropper rests on the difficulty of extracting e-th roots modulo m without knowledge of p and q (the RSA problem). On acceptance of P by V, the roles of P and V are interchanged and V will show to P that he knows the e-th root of S_2^e mod m. This way, P and V are mutually authenticated.

The set-up of the protocol differs slightly from what is found in the literature: normally, v = S^e mod m is published, and if P anticipates a challenge c* he can send as a first message x = z^e v^{-c*} mod m for an arbitrary z, answer with y = z, and still be accepted by V without knowledge of S_2 whenever the actual challenge equals c*. The probability of choosing the proper challenge is e^{-1}. In the current set-up it is not necessary to publish v = S_2^e mod m, and this makes it impossible for P to calculate v^{-c*} from an anticipated challenge; this reduces the probability of unjust acceptance to m^{-1}. Therefore e can be chosen as low as 2, effectively transforming GQ into a Fiat-Shamir protocol but with an error probability m^{-1} in one round. (For e = 2 the condition gcd(e, (p-1)(q-1)) = 1 cannot hold, since p-1 and q-1 are even; the check then establishes S_1^2 = S_2^2 mod m rather than S_1 = S_2, exactly as in Fiat-Shamir.) This means that the devices only have to perform modular exponentiations with small exponents, in contrast with e.g. RSA.
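The GQ exchange of steps 1 to 5, together with the anticipated-challenge cheat and the eavesdropper observation from the two preceding paragraphs, as an added Python example (not code from the patent or from US 5,140,634). The primes 10007 and 10037, the exponent e = 3 and the secret value 48271 are constructed toy parameters chosen so the arithmetic runs instantly; real moduli are hundreds of bits. Step 2 follows textbook GQ in sending the witness x = r^e mod m, which step 5 requires.

```python
import math
import random

P_PRIME, Q_PRIME = 10007, 10037          # toy primes; far too small for real use
M = P_PRIME * Q_PRIME                    # public modulus m = p q
E = 3                                    # public exponent e > 1 with gcd(e, (p-1)(q-1)) = 1
assert math.gcd(E, (P_PRIME - 1) * (Q_PRIME - 1)) == 1


def verifier_setup(s2):
    """Step 1: V computes v = S2^e mod m and, unlike textbook GQ, does not publish it."""
    return pow(s2, E, M)


def prover_commit(rng):
    """Step 2: P picks a random unit r mod m and sends the witness x = r^e mod m."""
    r = rng.randrange(2, M)
    while math.gcd(r, M) != 1:
        r = rng.randrange(2, M)
    return r, pow(r, E, M)


def verifier_challenge(rng):
    """Step 3: challenge c drawn from {1, ..., e-1}."""
    return rng.randrange(1, E)


def prover_respond(r, s1, c):
    """Step 4: y = r S1^c mod m."""
    return (r * pow(s1, c, M)) % M


def verifier_check(x, y, c, v):
    """Step 5: accept iff y^e == x v^c mod m (both equal r^e S^(ec) when S1 = S2)."""
    return pow(y, E, M) == (x * pow(v, c, M)) % M


def run_gq(s1, s2, seed=1):
    """One round with P holding s1 and V holding s2; returns the verdict and the transcript."""
    rng = random.Random(seed)
    v = verifier_setup(s2)
    r, x = prover_commit(rng)
    c = verifier_challenge(rng)
    y = prover_respond(r, s1, c)
    return {"accepted": verifier_check(x, y, c, v), "x": x, "y": y, "c": c, "v": v}


def cheating_prover(v, guessed_c, actual_c, seed=2):
    """Textbook variant with v public: P guesses c*, sends x = z^e v^(-c*) mod m for an
    arbitrary z and answers y = z. The check passes exactly when the guess was right."""
    z = random.Random(seed).randrange(2, M)
    x = (pow(z, E, M) * pow(v, -guessed_c, M)) % M
    return verifier_check(x, z, actual_c, v)


def transcript_reveals(x, y, c):
    """What a passive eavesdropper computes from (x, y, c): y^e x^(-1) = v^c mod m.
    Not publishing v therefore does not hide S^e from anyone who observes one run."""
    return (pow(y, E, M) * pow(x, -1, M)) % M
```

With v kept private the cheating prover cannot even form x = z^e v^{-c*}; the function is included to show that, once v is known to him, his success is exactly the event c = c*.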

To make it even more efficient, one might consider an implementation using a Montgomery representation (see P.L. Montgomery, Modular multiplication without trial division, Mathematics of Computation, Vol. 44, no. 170, April 1985, pp. 519-521).

COMMITMENT-BASED VERIFICATION

As an alternative to ZK protocols, a commitment-based protocol can be used to allow one party to verify that the other party knows the secret. An advantage of this approach is that symmetric key cryptography can be used, which can be implemented very efficiently.

In contrast to the previous situation, both parties P and V play the role of verifier and prover simultaneously, which makes the protocol efficient in terms of communication. As before, P computed S_1 and V computed S_2. The protocol (see Fig. 7) goes through the following steps:
1. V chooses a random number r with length matching the block length of the symmetric cipher.
2. V encrypts r using a symmetric cipher with S_2 as key, and sends the encryption E_{S_2}(r) to P.
3. P decrypts the message using S_1. The result is r' = D_{S_1}(E_{S_2}(r)).
4. P chooses a random number R and sends a commitment on r' to V. The commitment is obtained as a function commit(R, r'), discussed below.
5. V sends r to P, and P checks whether r' = r and stops further communication with V if this is not the case.
6. P sends r' and R to V. V opens the commitment by recomputing commit(R, r'), checks that it matches the value received in step 4 and that r' = r, and stops further communication with P if the check is not satisfied.

The commit function should implement the binding and hiding properties of the commitment. Binding refers to P's inability to change the value r' in the commitment: it must be difficult or impossible for P to find a value R' such that commit(R, r') = commit(R', r) for some r ≠ r'. The hiding property refers to V's inability to obtain information on r' after receiving commit(R, r'). In practice, cryptographic hash functions or one-way functions are often used as commit functions.

In this set-up the symmetric cipher used to encrypt r can also be used as the commit function: commit(R, r') = E_R(r'). The hiding property is satisfied because, without knowledge of the randomly chosen R, V cannot get information on r', independent of the amount of computing power of V; hence the commitment is unconditionally hiding. (Strictly, this requires that for every candidate value of r' some key R maps it to the observed commitment, which presupposes a key space at least as large as the block space; with a 56-bit key on 64-bit blocks, as in DES, a computationally unbounded V could in principle rule out all but at most 2^56 of the 2^64 candidates.) The binding property follows from the fact that for a symmetric cipher, E_K(x) = z is believed to be a one-way function in K with x and z known: given E_R(r') and r, it is not known how to find a value R' such that E_{R'}(r) = E_R(r') in fewer than about 2^56 operations for a 56-bit key. The commitment is thus computationally binding.

Next we consider the completeness and the soundness of the protocol. Completeness refers to the case that both parties execute the protocol correctly and S_1 = S_2. It then follows by inspection and the symmetry properties of the symmetric cipher that when S_1 = S_2 they will find r = r'.

Soundness refers to the situation of mutual acceptance when P does not know S_1 or V does not know S_2. To be unjustly accepted, P can send any value z as a commitment to V. After receiving r from V, P must find a value R' such that commit(R', r) = E_{R'}(r) = z. As argued above, finding such an R' is a difficult problem.

Similarly, if V does not know S_2 he can send any value z to P, who will reply with E_R(D_{S_1}(z)). To be accepted, V has to obtain D_{S_1}(z), which is very difficult because the commitment is unconditionally hiding due to the random value R. If S_1 happens to be a weak DES encryption key, V will be accepted if he chooses z such that D_{S_1}(z) = z. For a weak key there are 2^32 such fixed points, and the probability of unjust acceptance by P is 2^32 / 2^64 = 2^-32.
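The exchange of Fig. 7 and the soundness discussion above, as an added Python example (not code from the patent). A toy Feistel cipher with SHA-256 as round function stands in for DES so that the code runs offline without a cryptographic library; it has 64-bit blocks but takes keys of any length and has no weak-key structure, so the fixed-point case is exercised generically. The function names, the seeds and the 64-bit key values in the usage are constructed.

```python
import hashlib
import random

BLOCK = 8                                   # 64-bit blocks, like DES


def _round(key, half, i):
    """Keyed round function: the first 32 bits of SHA-256(key || round || half)."""
    digest = hashlib.sha256(key + bytes([i]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def encrypt(key, block, rounds=6):
    """Toy Feistel block cipher standing in for DES; for illustration only."""
    L, R = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for i in range(rounds):
        L, R = R, L ^ _round(key, R, i)
    return L.to_bytes(4, "big") + R.to_bytes(4, "big")


def decrypt(key, block, rounds=6):
    L, R = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
    for i in reversed(range(rounds)):
        L, R = R ^ _round(key, L, i), L
    return L.to_bytes(4, "big") + R.to_bytes(4, "big")


def commit(R, r_prime):
    """commit(R, r') = E_R(r'): hiding through the random key R, binding through key one-wayness."""
    return encrypt(R, r_prime)


def run_protocol(s1, s2, seed=0):
    """Steps 1-6 between P (holding s1) and V (holding s2); returns the outcome."""
    rng = random.Random(seed)

    def rand_block():
        return rng.getrandbits(64).to_bytes(BLOCK, "big")

    r = rand_block()                        # step 1 (V)
    c1 = encrypt(s2, r)                     # step 2 (V): E_S2(r)
    r_prime = decrypt(s1, c1)               # step 3 (P): r' = D_S1(E_S2(r))
    R = rand_block()                        # step 4 (P)
    com = commit(R, r_prime)
    if r_prime != r:                        # step 5: V reveals r, P compares
        return "P aborts: r' != r"
    if commit(R, r_prime) != com or r_prime != r:   # step 6: P opens, V verifies
        return "V aborts: commitment does not open to r"
    return "accepted"


def cheating_verifier(s1, z, claimed_r, seed=0):
    """V without S2 sends an arbitrary z; P answers E_R(D_S1(z)) and in step 5 compares the
    r that V claims with D_S1(z). Claiming z itself succeeds only if z is a fixed point of D_S1."""
    rng = random.Random(seed)
    r_prime = decrypt(s1, z)
    R = rng.getrandbits(64).to_bytes(BLOCK, "big")
    com = commit(R, r_prime)                # all V learns before committing to an r
    if r_prime != claimed_r:
        return "P aborts: r' != r"
    return "accepted" if commit(R, r_prime) == com else "V aborts"
```

Because P only opens the commitment after V has revealed r, a V who guesses wrong learns nothing about D_{S_1}(z) from the exchange; the commitment com is what the hiding property protects.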



SOME ADVANTAGES OF THE INVENTION

The method according to the invention achieves a substantial saving in terms of required energy (power) in the devices in which it is executed, as well as a substantial saving in terms of processing time, compared to authentication based on RSA.

In general, the power consumption depends on the architecture of the implementation. For example, by varying the architecture one can trade power consumption for clock speed. A second important factor is the technology which is used: modern technologies with small minimum feature sizes and low supply voltages will in general require less power than older technologies.

The table below gives an estimate of the required effort for the different parts of the protocols in terms of n (the degree of the polynomial), k (length in bits of a value), l (length in bits of the GQ modulus) and h (length in bits of the RSA modulus). The estimated effort is expressed in terms of single precision multiplications (sp-mults), i.e. the multiplication of two bits, of which k^2 occur in the multiplication of two k-bit numbers.



Subprotocol              Required effort
Polynomial evaluation    k^2 (n + 3) sp-mults
GQ protocol              20 l^2 sp-mults
Commit protocol          100,000 gate transitions
RSA protocol             3/4 h^3 sp-mults



The table below shows estimates for the required energy for the subprotocols in Joule for a number of values for n, k, l and h, and the amount of processing time when the invention is used in a Chip-In-Disc application with an available power of 0.5 mW.

[Table: estimated energy per subprotocol. Only the RSA row is legible: 86.5 µJ, 86.5 µJ, 692 µJ, 692 µJ, 692 µJ (1.4 s at 0.5 mW); the column headers with the parameter values and the rows for polynomial evaluation, the GQ protocol and the commit protocol are not recoverable from the source.]



One should note that the values above are based on an estimate for the required energy per sp-mult. The real energy depends on the chosen architecture, layout, optimization goal in the design process (e.g. power or speed), etc. Nevertheless, the data in the above table give insight into the ratios of the energies required for the different protocols. It can be seen in the last column that, even for polynomials of degree 2048 and 64-bit values, the new protocols are a factor 30 to 100 more efficient than RSA.

In the special case of CID, which has a maximum of 0.5 mW power available, we derive that an RSA protocol would require approximately 1 second, while the protocols based on symmetric polynomials require at most 52 ms.

It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative embodiments without departing from the scope of the appended claims. While in the above the authentication method has been set out in the context of content protection and digital rights management, the invention is of course not restricted to this context.

The invention can be considered as a universal building block for authentication at interfaces between any pair of components and/or devices, especially when low power consumption is important. As such it can for instance also be applied in CD2, in set-top boxes, in wireless smartcards, wired or wireless networks, et cetera. The invention is also useful when a human verifier needs to authenticate a human prover using two interconnected devices.
It will be clear that where in the above the term "random number" or "arbitrarily chosen number" is used, this includes numbers chosen using a pseudo-random number generator implemented in hardware and/or software, with or without seed values derived from truly random events. The security of the method depends to a great extent on the quality of the pseudo-random number generator.

In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps other than those listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer.

In the device claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
CLAIMS:

1. A method of generating a common secret between a first party and a second party, in which the first party holds a value p_1 and a symmetrical polynomial P(x, y) fixed in the first argument by the value p_1, and the first party performs the steps of sending the value p_1 to the second party, receiving a value p_2 from the second party and calculating the common secret S_1 by evaluating the polynomial P(p_1, y) in p_2, characterized in that the first party additionally holds a value q_1 and a symmetrical polynomial Q(x, z) fixed in the first argument by the value q_1, and further performs the steps of sending q_1 to the second party, receiving q_2 from the second party and calculating the secret S_1 as S_1 = Q(q_1, q_2)·P(p_1, p_2).

2. The method of claim 1, in which the first party further performs the steps of obtaining a random number r_1, calculating r_1·q_1, sending r_1·q_1 to the second party, receiving r_2·q_2 from the second party and calculating the secret S_1 as S_1 = Q(q_1, r_1·r_2·q_2)·P(p_1, p_2).

3. The method of claim 2, in which the first party holds the value q_1 multiplied by an arbitrarily chosen value r, and the product Q(q_1, z)·P(p_1, y) instead of the individual polynomials P(p_1, y) and Q(q_1, z), and the first party performs the steps of calculating r_1·r·q_1, sending r_1·r·q_1 to the second party, receiving r_2·r·q_2 from the second party and calculating the secret S_1 as S_1 = Q(q_1, r_1·r_2·r·q_2)·P(p_1, p_2).

4. The method of claim 1, in which the second party holds a value p_2 and a value q_2, the symmetrical polynomial P(x, y) fixed in the first argument by the value p_2, the symmetrical polynomial Q(x, z) fixed in the first argument by the value q_2, and the second party performs the steps of sending q_2 to the first party, receiving q_1 from the first party and calculating a secret S_2 as S_2 = Q(q_2, q_1)·P(p_2, p_1), whereby the common secret has been generated if the secret S_2 equals the secret S_1.

5. The method of claim 1, in which a trusted third party performs the steps of choosing a symmetric (n+1) x (n+1) matrix T, constructing the polynomial P using entries from the matrix T as respective coefficients of the polynomial P, constructing the polynomial Q(x, z), choosing the value p_1, the value p_2, the value q_1 and the value q_2, sending the value p_1, the value q_1, the polynomial P(x, y) fixed in the first argument by the value p_1 and the polynomial Q(x, z) fixed in the first argument by the value q_1 to the first party, and sending the value p_2, the value q_2, the polynomial P(x, y) fixed in the first argument by the value p_2 and the polynomial Q(x, z) fixed in the first argument by the value q_2 to the second party.

6. The method of claim 5, in which the trusted third party further arbitrarily chooses a value r, sends the value r·q_1 instead of the value q_1 and the product Q(q_1, z)·P(p_1, y) instead of the individual polynomials P(p_1, y) and Q(q_1, z) to the first party, and sends the value r·q_2 instead of the value q_2 and the product Q(q_2, z)·P(p_2, y) instead of the individual polynomials P(p_2, y) and Q(q_2, z) to the second party.

7. The method of claim 5, in which the trusted third party further performs the steps of
choosing a set comprising m values p_i, including the values p_1 and p_2,
calculating a space A from the tensor products p_i ⊗ p_j of the Vandermonde vectors p_i built from the set of values p_i,
choosing a vector Γ_1 and a vector Γ_2 from the perpendicular space A^⊥ of the space A, constructing a matrix T^{Γ_1} = T + Γ_1 from the vector Γ_1 and a matrix T^{Γ_2} = T + Γ_2 from the vector Γ_2, constructing a polynomial P^{Γ_1}(x, y) using entries from the matrix T^{Γ_1} and sending the polynomial P^{Γ_1}(x, y) fixed in the first argument by the value p_1 to the first party, and
constructing a polynomial P^{Γ_2}(x, y) using entries from the matrix T^{Γ_2} and sending the polynomial P^{Γ_2}(x, y) fixed in the first argument by the value p_2 to the second party.

8. The method of claim 5, in which a number m' of values p_i, with m' < m, are distributed to additional parties.
9. The method of claim 1, further comprising the step of verifying that the second party knows the secret S_1.

10. The method of claim 9, in which the first party subsequently applies a zero-knowledge protocol to verify that the second party knows the secret S_1.

11. The method of claim 9, in which the first party subsequently applies a commitment-based protocol to verify that the second party knows the secret S_1.

12. The method of claim 11, in which the second party uses a symmetric cipher to encrypt a random challenge and sends the encrypted random challenge to the first party, and the first party subsequently uses the same symmetric cipher as a commit function to commit himself to a decryption of the encrypted random challenge.

13. A system comprising a first party, a second party and a trusted third party, arranged to execute the method of any of the claims above.

14. A device arranged to operate as the first party and/or as the second party in the system of claim 13.

15. The device of claim 14, comprising storage means for storing the polynomial P and the polynomial Q in the form of their respective coefficients.

16. A computer program product for causing one or more processors to execute the method of any of the claims 1-12 above.
A method of generating a common secret between a first party and a second party, preferably devices (101-105) in a home network (100) that operate in accordance with a Digital Rights Management (DRM) framework. The devices calculate the common secret by evaluating the product of two polynomials P(x, y) and Q(x, z) using parameters previously distributed by a Trusted Third Party (TTP) and parameters obtained from the other party. Preferably the parties subsequently verify that the other party has generated the same secret using a zero-knowledge protocol or a commitment-based protocol. The method is particularly suitable for very low power devices such as Chip-In-Disc type devices.